91a7552bea
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmGUwhUACgkQONu9yGCS aT4hlBAAjcjBBtJ7IuVRAbJhRSIW3H0viMdPTBvydSNwSF6mk9BL56CQ+OyAGLaB Fnb5DNxhIO9DAbwuvBW4wEJibSA1Q4191bRjZEKrf70LRdmA51vz0dBu2KRNV+IV HWtJYyXIyqqU/EXPsVmdmNFxr6YUCUmkyEaE18/rsg/cZmMg/Zot434cnSuzVzrW 9yLQVQAs7CAKD7kICZ/S7P7V1IKQyuLj5meX2BBE24YwukvlA9N5ISXGQuW91683 iqv0cfjwYtfrNMOE7K2AKrDgZ0AxuLrIiyppqHjHPB+zIvgm2ErQU+Hp76hVtWpW yP0cq6ReP3ktc9Hmxr49xU1l3D/6jo+OyqQh5eomP2veGpRh3dq+oe1VoN7Iw9Xg YBvjOuononlBoChsddlbxwQTZIXff9MvOK2zADmHM0740xTlqSIgw6ITdg/lyKG8 7QbM6pSepXKVXDhHtbEQQGIJP/SvLyjGKX5pJjTKQ0cemkGJ/Sp/HNHMlf/CRLen LsS2kHCuBTWKQP0NJaAIp0J3lNfcCnB8Cv2BhmkHkVPx0jEvlZKDVJqdH7tbpIdy hdR9vwq9neBIjAiTFMEAuV1/+zGR4zNqiocUXhkIC9BAzrBKinyct78kV2trVOc2 J4lFhpOv1I9/HwaqP6kYnJW+nNoMzN3sD0uT8fk8dlYo5GBvbVk= =YkOP -----END PGP SIGNATURE----- Merge 5.4.160 into android11-5.4-lts Changes in 5.4.160 xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform binder: use euid from cred instead of using task binder: use cred instead of task for selinux checks binder: use cred instead of task for getsecid Input: iforce - fix control-message timeout Input: elantench - fix misreporting trackpoint coordinates Input: i8042 - Add quirk for Fujitsu Lifebook T725 libata: fix read log timeout value ocfs2: fix data corruption on truncate scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file scsi: qla2xxx: Fix use after free in eh_abort path mmc: dw_mmc: Dont wait for DRTO on Write RSP error parisc: Fix ptrace check on syscall return tpm: Check for integer overflow in tpm2_map_response_body() firmware/psci: fix application of sizeof to pointer crypto: s5p-sss - Add error handling in s5p_aes_probe() media: ite-cir: IR receiver stop working after receive overflow media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers media: v4l2-ioctl: Fix check_ext_ctrls ALSA: hda/realtek: Add quirk for Clevo PC70HS ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N ALSA: hda/realtek: Add quirk for ASUS UX550VE ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED ALSA: ua101: fix division by zero at probe ALSA: 6fire: fix control and bulk message timeouts ALSA: line6: fix control and interrupt message timeouts ALSA: usb-audio: Add registration quirk for JBL Quantum 400 ALSA: synth: missing check for possible NULL after the call to kstrdup ALSA: timer: Fix use-after-free problem ALSA: timer: Unconditionally unlink slave instances, too fuse: fix page stealing x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c x86/cpu: Fix migration safety with X86_BUG_NULL_SEL x86/irq: Ensure PI wakeup handler is unregistered before module unload cavium: Return negative value when pci_alloc_irq_vectors() fails scsi: qla2xxx: Return -ENOMEM if kzalloc() fails scsi: qla2xxx: Fix unmap of already freed sgl cavium: Fix return values of the probe function sfc: Don't use netif_info before net_device setup hyperv/vmbus: include linux/bitops.h ARM: dts: sun7i: A20-olinuxino-lime2: Fix ethernet phy-mode reset: socfpga: add empty driver allowing consumers to probe mmc: winbond: don't build on M68K drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 bpf: Define bpf_jit_alloc_exec_limit for arm64 JIT bpf: Prevent increasing bpf_jit_limit above max xen/netfront: stop tx queues during live migration nvmet-tcp: fix a memory leak when releasing a queue spi: spl022: fix Microwire full duplex mode net: multicast: calculate csum of looped-back and forwarded packets watchdog: Fix OMAP watchdog early handling drm: panel-orientation-quirks: Add quirk for GPD Win3 nvmet-tcp: fix header digest verification r8169: Add device 10ec:8162 to driver r8169 vmxnet3: do not stop tx queues after netif_device_detach() nfp: bpf: relax prog rejection for mtu check through max_pkt_offset net/smc: Correct spelling mistake to TCPF_SYN_RECV btrfs: clear MISSING device status bit in btrfs_close_one_device btrfs: fix lost error handling when replaying directory deletes btrfs: call btrfs_check_rw_degradable only if there is a missing device ia64: kprobes: Fix to pass correct trampoline address to the handler hwmon: (pmbus/lm25066) Add offset coefficients regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell mwifiex: fix division by zero in fw download path ath6kl: fix division by zero in send path ath6kl: fix control-message timeout ath10k: fix control-message timeout ath10k: fix division by zero in send path PCI: Mark Atheros QCA6174 to avoid bus reset rtl8187: fix control-message timeouts evm: mark evm_fixmode as __ro_after_init wcn36xx: Fix HT40 capability for 2Ghz band mwifiex: Read a PCI register after writing the TX ring write pointer libata: fix checking of DMA state wcn36xx: handle connection loss indication rsi: fix occasional initialisation failure with BT coex rsi: fix key enabled check causing unwanted encryption for vap_id > 0 rsi: fix rate mask set leading to P2P failure rsi: Fix module dev_oper_mode parameter description RDMA/qedr: Fix NULL deref for query_qp on the GSI QP signal: Remove the bogus sigkill_pending in ptrace_stop signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT power: supply: max17042_battery: Prevent int underflow in set_soc_threshold power: supply: max17042_battery: use VFSOC for capacity when no rsns KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport can: j1939: j1939_can_recv(): ignore messages with invalid source address powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found serial: core: Fix initializing and restoring termios speed ALSA: mixer: oss: Fix racy access to slots ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume xen/balloon: add late_initcall_sync() for initial ballooning done PCI: pci-bridge-emul: Fix emulation of W1C bits PCI: aardvark: Do not clear status bits of masked interrupts PCI: aardvark: Fix checking for link up via LTSSM state PCI: aardvark: Do not unmask unused interrupts PCI: aardvark: Fix reporting Data Link Layer Link Active PCI: aardvark: Fix return value of MSI domain .alloc() method PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG quota: check block number when reading the block in quota file quota: correct error number in free_dqentry() pinctrl: core: fix possible memory leak in pinctrl_enable() iio: dac: ad5446: Fix ad5622_write() return value USB: serial: keyspan: fix memleak on probe errors USB: iowarrior: fix control-message timeouts USB: chipidea: fix interrupt deadlock dma-buf: WARN on dmabuf release with pending attachments drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() Bluetooth: fix use-after-free error in lock_sock_nested() drm/panel-orientation-quirks: add Valve Steam Deck platform/x86: wmi: do not fail if disabling fails MIPS: lantiq: dma: add small delay after reset MIPS: lantiq: dma: reset correct number of channel locking/lockdep: Avoid RCU-induced noinstr fail net: sched: update default qdisc visibility after Tx queue cnt changes smackfs: Fix use-after-free in netlbl_catmap_walk() x86: Increase exception stack sizes mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type mwifiex: Properly initialize private structure on interface type changes ath10k: high latency fixes for beacon buffer media: mt9p031: Fix corrupted frame after restarting stream media: netup_unidvb: handle interrupt properly according to the firmware media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() media: uvcvideo: Set capability in s_param media: uvcvideo: Return -EIO for control errors media: uvcvideo: Set unique vdev name based in type media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() media: s5p-mfc: Add checking to s5p_mfc_probe(). media: imx: set a media_device bus_info string media: mceusb: return without resubmitting URB in case of -EPROTO error. ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet media: rcar-csi2: Add checking to rcsi2_start_receiver() ipmi: Disable some operations during a panic ACPICA: Avoid evaluating methods too early during system resume media: ipu3-imgu: imgu_fmt: Handle properly try media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() net-sysfs: try not to restart the syscall if it will fail eventually tracefs: Have tracefs directories not set OTH permission bits by default ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value ACPI: battery: Accept charges over the design capacity as full leaking_addresses: Always print a trailing newline memstick: r592: Fix a UAF bug when removing the driver lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression lib/xz: Validate the value before assigning it to an enum variable workqueue: make sysfs of unbound kworker cpumask more clever tracing/cfi: Fix cmp_entries_* functions signature mismatch mwl8k: Fix use-after-free in mwl8k_fw_state_machine() block: remove inaccurate requeue check nvmet: fix use-after-free when a port is removed nvmet-tcp: fix use-after-free when a port is removed nvme: drop scan_lock and always kick requeue list when removing namespaces PM: hibernate: Get block device exclusively in swsusp_check() selftests: kvm: fix mismatched fclose() after popen() iwlwifi: mvm: disable RX-diversity in powersave smackfs: use __GFP_NOFAIL for smk_cipso_doi() ARM: clang: Do not rely on lr register for stacktrace gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 vrf: run conntrack only in context of lower/physdev for locally generated packets net: annotate data-race in neigh_output() btrfs: do not take the uuid_mutex in btrfs_rm_device spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted parisc: fix warning in flush_tlb_all task_stack: Fix end_of_stack() for architectures with upwards-growing stack parisc/unwind: fix unwinder when CONFIG_64BIT is enabled parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state selftests/bpf: Fix strobemeta selftest regression Bluetooth: fix init and cleanup of sco_conn.timeout_work rcu: Fix existing exp request check in sync_sched_exp_online_cleanup() drm/v3d: fix wait for TMU write combiner flush virtio-gpu: fix possible memory allocation failure net: net_namespace: Fix undefined member in key_remove_domain() cgroup: Make rebind_subsystems() disable v2 controllers all at once wilc1000: fix possible memory leak in cfg_scan_result() Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync crypto: caam - disable pkc for non-E SoCs rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies() net: dsa: rtl8366rb: Fix off-by-one bug ath10k: Fix missing frame timestamp for beacon/probe-resp drm/amdgpu: fix warning for overflow check media: em28xx: add missing em28xx_close_extension media: cxd2880-spi: Fix a null pointer dereference on error handling path media: dvb-usb: fix ununit-value in az6027_rc_query media: TDA1997x: handle short reads of hdmi info frame. media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' media: radio-wl1273: Avoid card name truncation media: si470x: Avoid card name truncation media: tm6000: Avoid card name truncation media: cx23885: Fix snd_card_free call on null card pointer kprobes: Do not use local variable when creating debugfs file crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency cpuidle: Fix kobject memory leaks in error paths media: em28xx: Don't use ops->suspend if it is NULL ath9k: Fix potential interrupt storm on queue reset EDAC/amd64: Handle three rank interleaving mode netfilter: nft_dynset: relax superfluous check on set updates media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() crypto: qat - detect PFVF collision after ACK crypto: qat - disregard spurious PFVF interrupts hwrng: mtk - Force runtime pm ops for sleep ops b43legacy: fix a lower bounds test b43: fix a lower bounds test mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured memstick: avoid out-of-range warning memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE hwmon: Fix possible memleak in __hwmon_device_register() hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff ath10k: fix max antenna gain unit drm/msm: uninitialized variable in msm_gem_import() net: stream: don't purge sk_error_queue in sk_stream_kill_queues() mmc: mxs-mmc: disable regulator on error and in the remove function block: ataflop: fix breakage introduced at blk-mq refactoring platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning mt76: mt76x02: fix endianness warnings in mt76x02_mac.c rsi: stop thread firstly in rsi_91x_init() error handling mwifiex: Send DELBA requests according to spec phy: micrel: ksz8041nl: do not use power down mode nvme-rdma: fix error code in nvme_rdma_setup_ctrl PM: hibernate: fix sparse warnings clocksource/drivers/timer-ti-dm: Select TIMER_OF drm/msm: Fix potential NULL dereference in DPU SSPP smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi libbpf: Fix BTF data layout checks and allow empty BTF s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() irq: mips: avoid nested irq_enter() tcp: don't free a FIN sk_buff in tcp_remove_empty_skb() samples/kretprobes: Fix return value if register_kretprobe() failed KVM: s390: Fix handle_sske page fault handling libertas_tf: Fix possible memory leak in probe and disconnect libertas: Fix possible memory leak in probe and disconnect wcn36xx: add proper DMA memory barriers in rx path drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits net: amd-xgbe: Toggle PLL settings during rate change net: phylink: avoid mvneta warning when setting pause parameters crypto: pcrypt - Delay write to padata->info selftests/bpf: Fix fclose/pclose mismatch in test_progs udp6: allow SO_MARK ctrl msg to affect routing ibmvnic: don't stop queue in xmit ibmvnic: Process crqs after enabling interrupts RDMA/rxe: Fix wrong port_cap_flags clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling paths ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() arm64: dts: rockchip: Fix GPU register width for RK3328 ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY RDMA/bnxt_re: Fix query SRQ failure arm64: dts: meson-g12a: Fix the pwm regulator supply properties ARM: dts: at91: tse850: the emac<->phy interface is rmii scsi: dc395: Fix error case unwinding MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT JFS: fix memleak in jfs_mount ALSA: hda: Reduce udelay() at SKL+ position reporting arm: dts: omap3-gta04a4: accelerometer irq fix soc/tegra: Fix an error handling path in tegra_powergate_power_up() memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe clk: at91: check pmc node status before registering syscore ops video: fbdev: chipsfb: use memset_io() instead of memset() serial: 8250_dw: Drop wrong use of ACPI_PTR() usb: gadget: hid: fix error code in do_config() power: supply: rt5033_battery: Change voltage values to µV scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() RDMA/mlx4: Return missed an error if device doesn't support steering staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC ARM: dts: stm32: fix SAI sub nodes register range ASoC: cs42l42: Correct some register default values ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER phy: qcom-qusb2: Fix a memory leak on probe serial: xilinx_uartps: Fix race condition causing stuck TX HID: u2fzero: clarify error check and length calculations HID: u2fzero: properly handle timeouts in usb_submit_urb powerpc/44x/fsp2: add missing of_node_put mips: cm: Convert to bitfield API to fix out-of-bounds access power: supply: bq27xxx: Fix kernel crash on IRQ handler register error apparmor: fix error check rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds drm/plane-helper: fix uninitialized variable reference PCI: aardvark: Don't spam about PIO Response Status PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on emulated bridge opp: Fix return in _opp_add_static_v2() NFS: Fix deadlocks in nfs_scan_commit_list() fs: orangefs: fix error return code of orangefs_revalidate_lookup() mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() mtd: core: don't remove debugfs directory if device is in use dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string auxdisplay: ht16k33: Connect backlight to fbdev auxdisplay: ht16k33: Fix frame buffer device blanking soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read netfilter: nfnetlink_queue: fix OOB when mac header was cleared dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL) m68k: set a default value for MEMORY_RESERVE watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT ar7: fix kernel builds for compiler test scsi: qla2xxx: Fix gnl list corruption scsi: qla2xxx: Turn off target reset during issue_lip NFSv4: Fix a regression in nfs_set_open_stateid_locked() i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' xen-pciback: Fix return in pm_ctrl_init() net: davinci_emac: Fix interrupt pacing disable net: vlan: fix a UAF in vlan_dev_real_dev() ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() zram: off by one in read_block_state() perf bpf: Add missing free to bpf_event__print_bpf_prog_info() llc: fix out-of-bound array index in llc_sk_dev_hash() nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any net: hns3: allow configure ETS bandwidth of all TCs vsock: prevent unnecessary refcnt inc for nonblocking connect net/smc: fix sk_refcnt underflow on linkdown and fallback cxgb4: fix eeprom len when diagnostics not implemented selftests/net: udpgso_bench_rx: fix port argument ARM: 9155/1: fix early early_iounmap() ARM: 9156/1: drop cc-option fallbacks for architecture selection parisc: Fix backtrace to always include init funtion names parisc: Fix set_fixmap() on PA1.x CPUs irqchip/sifive-plic: Fixup EOI failed when masked f2fs: should use GFP_NOFS for directory inodes net, neigh: Enable state migration between NUD_PERMANENT and NTF_USE 9p/net: fix missing error check in p9_check_errors ovl: fix deadlock in splice write powerpc/lib: Add helper to check if offset is within conditional branch range powerpc/bpf: Validate branch ranges powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 powerpc/security: Add a helper to query stf_barrier type powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks mm, oom: do not trigger out_of_memory from the #PF video: backlight: Drop maximum brightness override for brightness zero s390/cio: check the subchannel validity for dev_busid s390/tape: fix timer initialization in tape_std_assign() s390/cio: make ccw_device_dma_* more robust powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during module unload PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros SUNRPC: Partial revert of commit 6f9f17287e78 ath10k: fix invalid dma_addr_t token assignment selftests/bpf: Fix also no-alu32 strobemeta selftest Linux 5.4.160 Note, binder* patches were manually reverted as part of this merge, they are not present in this merge point at all. Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I1fb759dd89408adbe9b9ac1527af51bfdc4059de
1312 lines
35 KiB
C
1312 lines
35 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* Linux Socket Filter Data Structures
|
|
*/
|
|
#ifndef __LINUX_FILTER_H__
|
|
#define __LINUX_FILTER_H__
|
|
|
|
#include <stdarg.h>
|
|
|
|
#include <linux/atomic.h>
|
|
#include <linux/refcount.h>
|
|
#include <linux/compat.h>
|
|
#include <linux/skbuff.h>
|
|
#include <linux/linkage.h>
|
|
#include <linux/printk.h>
|
|
#include <linux/workqueue.h>
|
|
#include <linux/sched.h>
|
|
#include <linux/capability.h>
|
|
#include <linux/cryptohash.h>
|
|
#include <linux/set_memory.h>
|
|
#include <linux/kallsyms.h>
|
|
#include <linux/if_vlan.h>
|
|
#include <linux/vmalloc.h>
|
|
|
|
#include <net/sch_generic.h>
|
|
|
|
#include <asm/byteorder.h>
|
|
#include <uapi/linux/filter.h>
|
|
#include <uapi/linux/bpf.h>
|
|
|
|
struct sk_buff;
|
|
struct sock;
|
|
struct seccomp_data;
|
|
struct bpf_prog_aux;
|
|
struct xdp_rxq_info;
|
|
struct xdp_buff;
|
|
struct sock_reuseport;
|
|
struct ctl_table;
|
|
struct ctl_table_header;
|
|
|
|
/* ArgX, context and stack frame pointer register positions. Note,
|
|
* Arg1, Arg2, Arg3, etc are used as argument mappings of function
|
|
* calls in BPF_CALL instruction.
|
|
*/
|
|
#define BPF_REG_ARG1 BPF_REG_1
|
|
#define BPF_REG_ARG2 BPF_REG_2
|
|
#define BPF_REG_ARG3 BPF_REG_3
|
|
#define BPF_REG_ARG4 BPF_REG_4
|
|
#define BPF_REG_ARG5 BPF_REG_5
|
|
#define BPF_REG_CTX BPF_REG_6
|
|
#define BPF_REG_FP BPF_REG_10
|
|
|
|
/* Additional register mappings for converted user programs. */
|
|
#define BPF_REG_A BPF_REG_0
|
|
#define BPF_REG_X BPF_REG_7
|
|
#define BPF_REG_TMP BPF_REG_2 /* scratch reg */
|
|
#define BPF_REG_D BPF_REG_8 /* data, callee-saved */
|
|
#define BPF_REG_H BPF_REG_9 /* hlen, callee-saved */
|
|
|
|
/* Kernel hidden auxiliary/helper register. */
|
|
#define BPF_REG_AX MAX_BPF_REG
|
|
#define MAX_BPF_EXT_REG (MAX_BPF_REG + 1)
|
|
#define MAX_BPF_JIT_REG MAX_BPF_EXT_REG
|
|
|
|
/* unused opcode to mark special call to bpf_tail_call() helper */
|
|
#define BPF_TAIL_CALL 0xf0
|
|
|
|
/* unused opcode to mark call to interpreter with arguments */
|
|
#define BPF_CALL_ARGS 0xe0
|
|
|
|
/* unused opcode to mark speculation barrier for mitigating
|
|
* Speculative Store Bypass
|
|
*/
|
|
#define BPF_NOSPEC 0xc0
|
|
|
|
/* As per nm, we expose JITed images as text (code) section for
|
|
* kallsyms. That way, tools like perf can find it to match
|
|
* addresses.
|
|
*/
|
|
#define BPF_SYM_ELF_TYPE 't'
|
|
|
|
/* BPF program can access up to 512 bytes of stack space. */
|
|
#define MAX_BPF_STACK 512
|
|
|
|
/* Helper macros for filter block array initializers. */
|
|
|
|
/* ALU ops on registers, bpf_add|sub|...: dst_reg += src_reg */
|
|
|
|
#define BPF_ALU64_REG(OP, DST, SRC) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_ALU64 | BPF_OP(OP) | BPF_X, \
|
|
.dst_reg = DST, \
|
|
.src_reg = SRC, \
|
|
.off = 0, \
|
|
.imm = 0 })
|
|
|
|
#define BPF_ALU32_REG(OP, DST, SRC) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_ALU | BPF_OP(OP) | BPF_X, \
|
|
.dst_reg = DST, \
|
|
.src_reg = SRC, \
|
|
.off = 0, \
|
|
.imm = 0 })
|
|
|
|
/* ALU ops on immediates, bpf_add|sub|...: dst_reg += imm32 */
|
|
|
|
#define BPF_ALU64_IMM(OP, DST, IMM) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_ALU64 | BPF_OP(OP) | BPF_K, \
|
|
.dst_reg = DST, \
|
|
.src_reg = 0, \
|
|
.off = 0, \
|
|
.imm = IMM })
|
|
|
|
#define BPF_ALU32_IMM(OP, DST, IMM) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_ALU | BPF_OP(OP) | BPF_K, \
|
|
.dst_reg = DST, \
|
|
.src_reg = 0, \
|
|
.off = 0, \
|
|
.imm = IMM })
|
|
|
|
/* Endianess conversion, cpu_to_{l,b}e(), {l,b}e_to_cpu() */
|
|
|
|
#define BPF_ENDIAN(TYPE, DST, LEN) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_ALU | BPF_END | BPF_SRC(TYPE), \
|
|
.dst_reg = DST, \
|
|
.src_reg = 0, \
|
|
.off = 0, \
|
|
.imm = LEN })
|
|
|
|
/* Short form of mov, dst_reg = src_reg */
|
|
|
|
#define BPF_MOV64_REG(DST, SRC) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_ALU64 | BPF_MOV | BPF_X, \
|
|
.dst_reg = DST, \
|
|
.src_reg = SRC, \
|
|
.off = 0, \
|
|
.imm = 0 })
|
|
|
|
#define BPF_MOV32_REG(DST, SRC) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_ALU | BPF_MOV | BPF_X, \
|
|
.dst_reg = DST, \
|
|
.src_reg = SRC, \
|
|
.off = 0, \
|
|
.imm = 0 })
|
|
|
|
/* Short form of mov, dst_reg = imm32 */
|
|
|
|
#define BPF_MOV64_IMM(DST, IMM) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_ALU64 | BPF_MOV | BPF_K, \
|
|
.dst_reg = DST, \
|
|
.src_reg = 0, \
|
|
.off = 0, \
|
|
.imm = IMM })
|
|
|
|
#define BPF_MOV32_IMM(DST, IMM) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_ALU | BPF_MOV | BPF_K, \
|
|
.dst_reg = DST, \
|
|
.src_reg = 0, \
|
|
.off = 0, \
|
|
.imm = IMM })
|
|
|
|
/* Special form of mov32, used for doing explicit zero extension on dst. */
|
|
#define BPF_ZEXT_REG(DST) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_ALU | BPF_MOV | BPF_X, \
|
|
.dst_reg = DST, \
|
|
.src_reg = DST, \
|
|
.off = 0, \
|
|
.imm = 1 })
|
|
|
|
static inline bool insn_is_zext(const struct bpf_insn *insn)
|
|
{
|
|
return insn->code == (BPF_ALU | BPF_MOV | BPF_X) && insn->imm == 1;
|
|
}
|
|
|
|
/* BPF_LD_IMM64 macro encodes single 'load 64-bit immediate' insn */
|
|
#define BPF_LD_IMM64(DST, IMM) \
|
|
BPF_LD_IMM64_RAW(DST, 0, IMM)
|
|
|
|
#define BPF_LD_IMM64_RAW(DST, SRC, IMM) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_LD | BPF_DW | BPF_IMM, \
|
|
.dst_reg = DST, \
|
|
.src_reg = SRC, \
|
|
.off = 0, \
|
|
.imm = (__u32) (IMM) }), \
|
|
((struct bpf_insn) { \
|
|
.code = 0, /* zero is reserved opcode */ \
|
|
.dst_reg = 0, \
|
|
.src_reg = 0, \
|
|
.off = 0, \
|
|
.imm = ((__u64) (IMM)) >> 32 })
|
|
|
|
/* pseudo BPF_LD_IMM64 insn used to refer to process-local map_fd */
|
|
#define BPF_LD_MAP_FD(DST, MAP_FD) \
|
|
BPF_LD_IMM64_RAW(DST, BPF_PSEUDO_MAP_FD, MAP_FD)
|
|
|
|
/* Short form of mov based on type, BPF_X: dst_reg = src_reg, BPF_K: dst_reg = imm32 */
|
|
|
|
#define BPF_MOV64_RAW(TYPE, DST, SRC, IMM) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_ALU64 | BPF_MOV | BPF_SRC(TYPE), \
|
|
.dst_reg = DST, \
|
|
.src_reg = SRC, \
|
|
.off = 0, \
|
|
.imm = IMM })
|
|
|
|
#define BPF_MOV32_RAW(TYPE, DST, SRC, IMM) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_ALU | BPF_MOV | BPF_SRC(TYPE), \
|
|
.dst_reg = DST, \
|
|
.src_reg = SRC, \
|
|
.off = 0, \
|
|
.imm = IMM })
|
|
|
|
/* Direct packet access, R0 = *(uint *) (skb->data + imm32) */
|
|
|
|
#define BPF_LD_ABS(SIZE, IMM) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_LD | BPF_SIZE(SIZE) | BPF_ABS, \
|
|
.dst_reg = 0, \
|
|
.src_reg = 0, \
|
|
.off = 0, \
|
|
.imm = IMM })
|
|
|
|
/* Indirect packet access, R0 = *(uint *) (skb->data + src_reg + imm32) */
|
|
|
|
#define BPF_LD_IND(SIZE, SRC, IMM) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_LD | BPF_SIZE(SIZE) | BPF_IND, \
|
|
.dst_reg = 0, \
|
|
.src_reg = SRC, \
|
|
.off = 0, \
|
|
.imm = IMM })
|
|
|
|
/* Memory load, dst_reg = *(uint *) (src_reg + off16) */
|
|
|
|
#define BPF_LDX_MEM(SIZE, DST, SRC, OFF) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_LDX | BPF_SIZE(SIZE) | BPF_MEM, \
|
|
.dst_reg = DST, \
|
|
.src_reg = SRC, \
|
|
.off = OFF, \
|
|
.imm = 0 })
|
|
|
|
/* Memory store, *(uint *) (dst_reg + off16) = src_reg */
|
|
|
|
#define BPF_STX_MEM(SIZE, DST, SRC, OFF) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_STX | BPF_SIZE(SIZE) | BPF_MEM, \
|
|
.dst_reg = DST, \
|
|
.src_reg = SRC, \
|
|
.off = OFF, \
|
|
.imm = 0 })
|
|
|
|
/* Atomic memory add, *(uint *)(dst_reg + off16) += src_reg */
|
|
|
|
#define BPF_STX_XADD(SIZE, DST, SRC, OFF) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_STX | BPF_SIZE(SIZE) | BPF_XADD, \
|
|
.dst_reg = DST, \
|
|
.src_reg = SRC, \
|
|
.off = OFF, \
|
|
.imm = 0 })
|
|
|
|
/* Memory store, *(uint *) (dst_reg + off16) = imm32 */
|
|
|
|
#define BPF_ST_MEM(SIZE, DST, OFF, IMM) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_ST | BPF_SIZE(SIZE) | BPF_MEM, \
|
|
.dst_reg = DST, \
|
|
.src_reg = 0, \
|
|
.off = OFF, \
|
|
.imm = IMM })
|
|
|
|
/* Conditional jumps against registers, if (dst_reg 'op' src_reg) goto pc + off16 */
|
|
|
|
#define BPF_JMP_REG(OP, DST, SRC, OFF) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_JMP | BPF_OP(OP) | BPF_X, \
|
|
.dst_reg = DST, \
|
|
.src_reg = SRC, \
|
|
.off = OFF, \
|
|
.imm = 0 })
|
|
|
|
/* Conditional jumps against immediates, if (dst_reg 'op' imm32) goto pc + off16 */
|
|
|
|
#define BPF_JMP_IMM(OP, DST, IMM, OFF) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_JMP | BPF_OP(OP) | BPF_K, \
|
|
.dst_reg = DST, \
|
|
.src_reg = 0, \
|
|
.off = OFF, \
|
|
.imm = IMM })
|
|
|
|
/* Like BPF_JMP_REG, but with 32-bit wide operands for comparison. */
|
|
|
|
#define BPF_JMP32_REG(OP, DST, SRC, OFF) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_JMP32 | BPF_OP(OP) | BPF_X, \
|
|
.dst_reg = DST, \
|
|
.src_reg = SRC, \
|
|
.off = OFF, \
|
|
.imm = 0 })
|
|
|
|
/* Like BPF_JMP_IMM, but with 32-bit wide operands for comparison. */
|
|
|
|
#define BPF_JMP32_IMM(OP, DST, IMM, OFF) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_JMP32 | BPF_OP(OP) | BPF_K, \
|
|
.dst_reg = DST, \
|
|
.src_reg = 0, \
|
|
.off = OFF, \
|
|
.imm = IMM })
|
|
|
|
/* Unconditional jumps, goto pc + off16 */
|
|
|
|
#define BPF_JMP_A(OFF) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_JMP | BPF_JA, \
|
|
.dst_reg = 0, \
|
|
.src_reg = 0, \
|
|
.off = OFF, \
|
|
.imm = 0 })
|
|
|
|
/* Relative call */
|
|
|
|
#define BPF_CALL_REL(TGT) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_JMP | BPF_CALL, \
|
|
.dst_reg = 0, \
|
|
.src_reg = BPF_PSEUDO_CALL, \
|
|
.off = 0, \
|
|
.imm = TGT })
|
|
|
|
/* Function call */
|
|
|
|
#define BPF_CAST_CALL(x) \
|
|
((u64 (*)(u64, u64, u64, u64, u64))(x))
|
|
|
|
#define BPF_EMIT_CALL(FUNC) \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_JMP | BPF_CALL, \
|
|
.dst_reg = 0, \
|
|
.src_reg = 0, \
|
|
.off = 0, \
|
|
.imm = ((FUNC) - __bpf_call_base) })
|
|
|
|
/* Raw code statement block */
|
|
|
|
#define BPF_RAW_INSN(CODE, DST, SRC, OFF, IMM) \
|
|
((struct bpf_insn) { \
|
|
.code = CODE, \
|
|
.dst_reg = DST, \
|
|
.src_reg = SRC, \
|
|
.off = OFF, \
|
|
.imm = IMM })
|
|
|
|
/* Program exit */
|
|
|
|
#define BPF_EXIT_INSN() \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_JMP | BPF_EXIT, \
|
|
.dst_reg = 0, \
|
|
.src_reg = 0, \
|
|
.off = 0, \
|
|
.imm = 0 })
|
|
|
|
/* Speculation barrier */
|
|
|
|
#define BPF_ST_NOSPEC() \
|
|
((struct bpf_insn) { \
|
|
.code = BPF_ST | BPF_NOSPEC, \
|
|
.dst_reg = 0, \
|
|
.src_reg = 0, \
|
|
.off = 0, \
|
|
.imm = 0 })
|
|
|
|
/* Internal classic blocks for direct assignment */
|
|
|
|
#define __BPF_STMT(CODE, K) \
|
|
((struct sock_filter) BPF_STMT(CODE, K))
|
|
|
|
#define __BPF_JUMP(CODE, K, JT, JF) \
|
|
((struct sock_filter) BPF_JUMP(CODE, K, JT, JF))
|
|
|
|
#define bytes_to_bpf_size(bytes) \
|
|
({ \
|
|
int bpf_size = -EINVAL; \
|
|
\
|
|
if (bytes == sizeof(u8)) \
|
|
bpf_size = BPF_B; \
|
|
else if (bytes == sizeof(u16)) \
|
|
bpf_size = BPF_H; \
|
|
else if (bytes == sizeof(u32)) \
|
|
bpf_size = BPF_W; \
|
|
else if (bytes == sizeof(u64)) \
|
|
bpf_size = BPF_DW; \
|
|
\
|
|
bpf_size; \
|
|
})
|
|
|
|
#define bpf_size_to_bytes(bpf_size) \
|
|
({ \
|
|
int bytes = -EINVAL; \
|
|
\
|
|
if (bpf_size == BPF_B) \
|
|
bytes = sizeof(u8); \
|
|
else if (bpf_size == BPF_H) \
|
|
bytes = sizeof(u16); \
|
|
else if (bpf_size == BPF_W) \
|
|
bytes = sizeof(u32); \
|
|
else if (bpf_size == BPF_DW) \
|
|
bytes = sizeof(u64); \
|
|
\
|
|
bytes; \
|
|
})
|
|
|
|
#define BPF_SIZEOF(type) \
|
|
({ \
|
|
const int __size = bytes_to_bpf_size(sizeof(type)); \
|
|
BUILD_BUG_ON(__size < 0); \
|
|
__size; \
|
|
})
|
|
|
|
#define BPF_FIELD_SIZEOF(type, field) \
|
|
({ \
|
|
const int __size = bytes_to_bpf_size(FIELD_SIZEOF(type, field)); \
|
|
BUILD_BUG_ON(__size < 0); \
|
|
__size; \
|
|
})
|
|
|
|
#define BPF_LDST_BYTES(insn) \
|
|
({ \
|
|
const int __size = bpf_size_to_bytes(BPF_SIZE((insn)->code)); \
|
|
WARN_ON(__size < 0); \
|
|
__size; \
|
|
})
|
|
|
|
#define __BPF_MAP_0(m, v, ...) v
|
|
#define __BPF_MAP_1(m, v, t, a, ...) m(t, a)
|
|
#define __BPF_MAP_2(m, v, t, a, ...) m(t, a), __BPF_MAP_1(m, v, __VA_ARGS__)
|
|
#define __BPF_MAP_3(m, v, t, a, ...) m(t, a), __BPF_MAP_2(m, v, __VA_ARGS__)
|
|
#define __BPF_MAP_4(m, v, t, a, ...) m(t, a), __BPF_MAP_3(m, v, __VA_ARGS__)
|
|
#define __BPF_MAP_5(m, v, t, a, ...) m(t, a), __BPF_MAP_4(m, v, __VA_ARGS__)
|
|
|
|
#define __BPF_REG_0(...) __BPF_PAD(5)
|
|
#define __BPF_REG_1(...) __BPF_MAP(1, __VA_ARGS__), __BPF_PAD(4)
|
|
#define __BPF_REG_2(...) __BPF_MAP(2, __VA_ARGS__), __BPF_PAD(3)
|
|
#define __BPF_REG_3(...) __BPF_MAP(3, __VA_ARGS__), __BPF_PAD(2)
|
|
#define __BPF_REG_4(...) __BPF_MAP(4, __VA_ARGS__), __BPF_PAD(1)
|
|
#define __BPF_REG_5(...) __BPF_MAP(5, __VA_ARGS__)
|
|
|
|
#define __BPF_MAP(n, ...) __BPF_MAP_##n(__VA_ARGS__)
|
|
#define __BPF_REG(n, ...) __BPF_REG_##n(__VA_ARGS__)
|
|
|
|
#define __BPF_CAST(t, a) \
|
|
(__force t) \
|
|
(__force \
|
|
typeof(__builtin_choose_expr(sizeof(t) == sizeof(unsigned long), \
|
|
(unsigned long)0, (t)0))) a
|
|
#define __BPF_V void
|
|
#define __BPF_N
|
|
|
|
#define __BPF_DECL_ARGS(t, a) t a
|
|
#define __BPF_DECL_REGS(t, a) u64 a
|
|
|
|
#define __BPF_PAD(n) \
|
|
__BPF_MAP(n, __BPF_DECL_ARGS, __BPF_N, u64, __ur_1, u64, __ur_2, \
|
|
u64, __ur_3, u64, __ur_4, u64, __ur_5)
|
|
|
|
#define BPF_CALL_x(x, name, ...) \
|
|
static __always_inline \
|
|
u64 ____##name(__BPF_MAP(x, __BPF_DECL_ARGS, __BPF_V, __VA_ARGS__)); \
|
|
u64 name(__BPF_REG(x, __BPF_DECL_REGS, __BPF_N, __VA_ARGS__)); \
|
|
u64 name(__BPF_REG(x, __BPF_DECL_REGS, __BPF_N, __VA_ARGS__)) \
|
|
{ \
|
|
return ____##name(__BPF_MAP(x,__BPF_CAST,__BPF_N,__VA_ARGS__));\
|
|
} \
|
|
static __always_inline \
|
|
u64 ____##name(__BPF_MAP(x, __BPF_DECL_ARGS, __BPF_V, __VA_ARGS__))
|
|
|
|
#define BPF_CALL_0(name, ...) BPF_CALL_x(0, name, __VA_ARGS__)
|
|
#define BPF_CALL_1(name, ...) BPF_CALL_x(1, name, __VA_ARGS__)
|
|
#define BPF_CALL_2(name, ...) BPF_CALL_x(2, name, __VA_ARGS__)
|
|
#define BPF_CALL_3(name, ...) BPF_CALL_x(3, name, __VA_ARGS__)
|
|
#define BPF_CALL_4(name, ...) BPF_CALL_x(4, name, __VA_ARGS__)
|
|
#define BPF_CALL_5(name, ...) BPF_CALL_x(5, name, __VA_ARGS__)
|
|
|
|
#define bpf_ctx_range(TYPE, MEMBER) \
|
|
offsetof(TYPE, MEMBER) ... offsetofend(TYPE, MEMBER) - 1
|
|
#define bpf_ctx_range_till(TYPE, MEMBER1, MEMBER2) \
|
|
offsetof(TYPE, MEMBER1) ... offsetofend(TYPE, MEMBER2) - 1
|
|
#if BITS_PER_LONG == 64
|
|
# define bpf_ctx_range_ptr(TYPE, MEMBER) \
|
|
offsetof(TYPE, MEMBER) ... offsetofend(TYPE, MEMBER) - 1
|
|
#else
|
|
# define bpf_ctx_range_ptr(TYPE, MEMBER) \
|
|
offsetof(TYPE, MEMBER) ... offsetof(TYPE, MEMBER) + 8 - 1
|
|
#endif /* BITS_PER_LONG == 64 */
|
|
|
|
#define bpf_target_off(TYPE, MEMBER, SIZE, PTR_SIZE) \
|
|
({ \
|
|
BUILD_BUG_ON(FIELD_SIZEOF(TYPE, MEMBER) != (SIZE)); \
|
|
*(PTR_SIZE) = (SIZE); \
|
|
offsetof(TYPE, MEMBER); \
|
|
})
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
/* A struct sock_filter is architecture independent. */
|
|
struct compat_sock_fprog {
|
|
u16 len;
|
|
compat_uptr_t filter; /* struct sock_filter * */
|
|
};
|
|
#endif
|
|
|
|
struct sock_fprog_kern {
|
|
u16 len;
|
|
struct sock_filter *filter;
|
|
};
|
|
|
|
#define BPF_BINARY_HEADER_MAGIC 0x05de0e82
|
|
|
|
struct bpf_binary_header {
|
|
#ifdef CONFIG_CFI_CLANG
|
|
u32 magic;
|
|
#endif
|
|
u32 pages;
|
|
/* Some arches need word alignment for their instructions */
|
|
u8 image[] __aligned(4);
|
|
};
|
|
|
|
struct bpf_prog {
|
|
u16 pages; /* Number of allocated pages */
|
|
u16 jited:1, /* Is our filter JIT'ed? */
|
|
jit_requested:1,/* archs need to JIT the prog */
|
|
gpl_compatible:1, /* Is filter GPL compatible? */
|
|
cb_access:1, /* Is control block accessed? */
|
|
dst_needed:1, /* Do we need dst entry? */
|
|
blinded:1, /* Was blinded */
|
|
is_func:1, /* program is a bpf function */
|
|
kprobe_override:1, /* Do we override a kprobe? */
|
|
has_callchain_buf:1, /* callchain buffer allocated? */
|
|
enforce_expected_attach_type:1; /* Enforce expected_attach_type checking at attach time */
|
|
enum bpf_prog_type type; /* Type of BPF program */
|
|
enum bpf_attach_type expected_attach_type; /* For some prog types */
|
|
u32 len; /* Number of filter blocks */
|
|
u32 jited_len; /* Size of jited insns in bytes */
|
|
u8 tag[BPF_TAG_SIZE];
|
|
struct bpf_prog_aux *aux; /* Auxiliary fields */
|
|
struct sock_fprog_kern *orig_prog; /* Original BPF program */
|
|
unsigned int (*bpf_func)(const void *ctx,
|
|
const struct bpf_insn *insn);
|
|
/* Instructions for interpreter */
|
|
union {
|
|
struct sock_filter insns[0];
|
|
struct bpf_insn insnsi[0];
|
|
};
|
|
};
|
|
|
|
struct sk_filter {
|
|
refcount_t refcnt;
|
|
struct rcu_head rcu;
|
|
struct bpf_prog *prog;
|
|
};
|
|
|
|
DECLARE_STATIC_KEY_FALSE(bpf_stats_enabled_key);
|
|
|
|
#if IS_ENABLED(CONFIG_BPF_JIT) && IS_ENABLED(CONFIG_CFI_CLANG)
|
|
/*
|
|
* With JIT, the kernel makes an indirect call to dynamically generated
|
|
* code. Use bpf_call_func to perform additional validation of the call
|
|
* target to narrow down attack surface. Architectures implementing BPF
|
|
* JIT can override arch_bpf_jit_check_func for arch-specific checking.
|
|
*/
|
|
extern bool arch_bpf_jit_check_func(const struct bpf_prog *prog);
|
|
|
|
static inline unsigned int __bpf_call_func(const struct bpf_prog *prog,
|
|
const void *ctx)
|
|
{
|
|
/* Call interpreter with CFI checking. */
|
|
return prog->bpf_func(ctx, prog->insnsi);
|
|
}
|
|
|
|
static inline struct bpf_binary_header *
|
|
bpf_jit_binary_hdr(const struct bpf_prog *fp);
|
|
|
|
static inline unsigned int __nocfi bpf_call_func(const struct bpf_prog *prog,
|
|
const void *ctx)
|
|
{
|
|
const struct bpf_binary_header *hdr = bpf_jit_binary_hdr(prog);
|
|
|
|
if (!IS_ENABLED(CONFIG_BPF_JIT_ALWAYS_ON) && !prog->jited)
|
|
return __bpf_call_func(prog, ctx);
|
|
|
|
/*
|
|
* We are about to call dynamically generated code. Check that the
|
|
* page has bpf_binary_header with a valid magic to limit possible
|
|
* call targets.
|
|
*/
|
|
BUG_ON(hdr->magic != BPF_BINARY_HEADER_MAGIC ||
|
|
!arch_bpf_jit_check_func(prog));
|
|
|
|
/* Call jited function without CFI checking. */
|
|
return prog->bpf_func(ctx, prog->insnsi);
|
|
}
|
|
|
|
static inline void bpf_jit_set_header_magic(struct bpf_binary_header *hdr)
|
|
{
|
|
hdr->magic = BPF_BINARY_HEADER_MAGIC;
|
|
}
|
|
#else
|
|
static inline unsigned int bpf_call_func(const struct bpf_prog *prog,
|
|
const void *ctx)
|
|
{
|
|
return prog->bpf_func(ctx, prog->insnsi);
|
|
}
|
|
|
|
static inline void bpf_jit_set_header_magic(struct bpf_binary_header *hdr)
|
|
{
|
|
}
|
|
#endif
|
|
|
|
#define BPF_PROG_RUN(prog, ctx) ({ \
|
|
u32 ret; \
|
|
cant_sleep(); \
|
|
if (static_branch_unlikely(&bpf_stats_enabled_key)) { \
|
|
struct bpf_prog_stats *stats; \
|
|
u64 start = sched_clock(); \
|
|
ret = bpf_call_func(prog, ctx); \
|
|
stats = this_cpu_ptr(prog->aux->stats); \
|
|
u64_stats_update_begin(&stats->syncp); \
|
|
stats->cnt++; \
|
|
stats->nsecs += sched_clock() - start; \
|
|
u64_stats_update_end(&stats->syncp); \
|
|
} else { \
|
|
ret = bpf_call_func(prog, ctx); \
|
|
} \
|
|
ret; })
|
|
|
|
#define BPF_SKB_CB_LEN QDISC_CB_PRIV_LEN
|
|
|
|
struct bpf_skb_data_end {
|
|
struct qdisc_skb_cb qdisc_cb;
|
|
void *data_meta;
|
|
void *data_end;
|
|
};
|
|
|
|
struct bpf_redirect_info {
|
|
u32 flags;
|
|
u32 tgt_index;
|
|
void *tgt_value;
|
|
struct bpf_map *map;
|
|
struct bpf_map *map_to_flush;
|
|
u32 kern_flags;
|
|
};
|
|
|
|
DECLARE_PER_CPU(struct bpf_redirect_info, bpf_redirect_info);
|
|
|
|
/* flags for bpf_redirect_info kern_flags */
|
|
#define BPF_RI_F_RF_NO_DIRECT BIT(0) /* no napi_direct on return_frame */
|
|
|
|
/* Compute the linear packet data range [data, data_end) which
|
|
* will be accessed by various program types (cls_bpf, act_bpf,
|
|
* lwt, ...). Subsystems allowing direct data access must (!)
|
|
* ensure that cb[] area can be written to when BPF program is
|
|
* invoked (otherwise cb[] save/restore is necessary).
|
|
*/
|
|
static inline void bpf_compute_data_pointers(struct sk_buff *skb)
|
|
{
|
|
struct bpf_skb_data_end *cb = (struct bpf_skb_data_end *)skb->cb;
|
|
|
|
BUILD_BUG_ON(sizeof(*cb) > FIELD_SIZEOF(struct sk_buff, cb));
|
|
cb->data_meta = skb->data - skb_metadata_len(skb);
|
|
cb->data_end = skb->data + skb_headlen(skb);
|
|
}
|
|
|
|
/* Similar to bpf_compute_data_pointers(), except that save orginal
|
|
* data in cb->data and cb->meta_data for restore.
|
|
*/
|
|
static inline void bpf_compute_and_save_data_end(
|
|
struct sk_buff *skb, void **saved_data_end)
|
|
{
|
|
struct bpf_skb_data_end *cb = (struct bpf_skb_data_end *)skb->cb;
|
|
|
|
*saved_data_end = cb->data_end;
|
|
cb->data_end = skb->data + skb_headlen(skb);
|
|
}
|
|
|
|
/* Restore data saved by bpf_compute_data_pointers(). */
|
|
static inline void bpf_restore_data_end(
|
|
struct sk_buff *skb, void *saved_data_end)
|
|
{
|
|
struct bpf_skb_data_end *cb = (struct bpf_skb_data_end *)skb->cb;
|
|
|
|
cb->data_end = saved_data_end;
|
|
}
|
|
|
|
static inline u8 *bpf_skb_cb(struct sk_buff *skb)
|
|
{
|
|
/* eBPF programs may read/write skb->cb[] area to transfer meta
|
|
* data between tail calls. Since this also needs to work with
|
|
* tc, that scratch memory is mapped to qdisc_skb_cb's data area.
|
|
*
|
|
* In some socket filter cases, the cb unfortunately needs to be
|
|
* saved/restored so that protocol specific skb->cb[] data won't
|
|
* be lost. In any case, due to unpriviledged eBPF programs
|
|
* attached to sockets, we need to clear the bpf_skb_cb() area
|
|
* to not leak previous contents to user space.
|
|
*/
|
|
BUILD_BUG_ON(FIELD_SIZEOF(struct __sk_buff, cb) != BPF_SKB_CB_LEN);
|
|
BUILD_BUG_ON(FIELD_SIZEOF(struct __sk_buff, cb) !=
|
|
FIELD_SIZEOF(struct qdisc_skb_cb, data));
|
|
|
|
return qdisc_skb_cb(skb)->data;
|
|
}
|
|
|
|
static inline u32 __bpf_prog_run_save_cb(const struct bpf_prog *prog,
|
|
struct sk_buff *skb)
|
|
{
|
|
u8 *cb_data = bpf_skb_cb(skb);
|
|
u8 cb_saved[BPF_SKB_CB_LEN];
|
|
u32 res;
|
|
|
|
if (unlikely(prog->cb_access)) {
|
|
memcpy(cb_saved, cb_data, sizeof(cb_saved));
|
|
memset(cb_data, 0, sizeof(cb_saved));
|
|
}
|
|
|
|
res = BPF_PROG_RUN(prog, skb);
|
|
|
|
if (unlikely(prog->cb_access))
|
|
memcpy(cb_data, cb_saved, sizeof(cb_saved));
|
|
|
|
return res;
|
|
}
|
|
|
|
static inline u32 bpf_prog_run_save_cb(const struct bpf_prog *prog,
|
|
struct sk_buff *skb)
|
|
{
|
|
u32 res;
|
|
|
|
preempt_disable();
|
|
res = __bpf_prog_run_save_cb(prog, skb);
|
|
preempt_enable();
|
|
return res;
|
|
}
|
|
|
|
static inline u32 bpf_prog_run_clear_cb(const struct bpf_prog *prog,
|
|
struct sk_buff *skb)
|
|
{
|
|
u8 *cb_data = bpf_skb_cb(skb);
|
|
u32 res;
|
|
|
|
if (unlikely(prog->cb_access))
|
|
memset(cb_data, 0, BPF_SKB_CB_LEN);
|
|
|
|
preempt_disable();
|
|
res = BPF_PROG_RUN(prog, skb);
|
|
preempt_enable();
|
|
return res;
|
|
}
|
|
|
|
static __always_inline u32 bpf_prog_run_xdp(const struct bpf_prog *prog,
|
|
struct xdp_buff *xdp)
|
|
{
|
|
/* Caller needs to hold rcu_read_lock() (!), otherwise program
|
|
* can be released while still running, or map elements could be
|
|
* freed early while still having concurrent users. XDP fastpath
|
|
* already takes rcu_read_lock() when fetching the program, so
|
|
* it's not necessary here anymore.
|
|
*/
|
|
return BPF_PROG_RUN(prog, xdp);
|
|
}
|
|
|
|
static inline u32 bpf_prog_insn_size(const struct bpf_prog *prog)
|
|
{
|
|
return prog->len * sizeof(struct bpf_insn);
|
|
}
|
|
|
|
static inline u32 bpf_prog_tag_scratch_size(const struct bpf_prog *prog)
|
|
{
|
|
return round_up(bpf_prog_insn_size(prog) +
|
|
sizeof(__be64) + 1, SHA_MESSAGE_BYTES);
|
|
}
|
|
|
|
static inline unsigned int bpf_prog_size(unsigned int proglen)
|
|
{
|
|
return max(sizeof(struct bpf_prog),
|
|
offsetof(struct bpf_prog, insns[proglen]));
|
|
}
|
|
|
|
static inline bool bpf_prog_was_classic(const struct bpf_prog *prog)
|
|
{
|
|
/* When classic BPF programs have been loaded and the arch
|
|
* does not have a classic BPF JIT (anymore), they have been
|
|
* converted via bpf_migrate_filter() to eBPF and thus always
|
|
* have an unspec program type.
|
|
*/
|
|
return prog->type == BPF_PROG_TYPE_UNSPEC;
|
|
}
|
|
|
|
static inline u32 bpf_ctx_off_adjust_machine(u32 size)
|
|
{
|
|
const u32 size_machine = sizeof(unsigned long);
|
|
|
|
if (size > size_machine && size % size_machine == 0)
|
|
size = size_machine;
|
|
|
|
return size;
|
|
}
|
|
|
|
static inline bool
|
|
bpf_ctx_narrow_access_ok(u32 off, u32 size, u32 size_default)
|
|
{
|
|
return size <= size_default && (size & (size - 1)) == 0;
|
|
}
|
|
|
|
static inline u8
|
|
bpf_ctx_narrow_access_offset(u32 off, u32 size, u32 size_default)
|
|
{
|
|
u8 access_off = off & (size_default - 1);
|
|
|
|
#ifdef __LITTLE_ENDIAN
|
|
return access_off;
|
|
#else
|
|
return size_default - (access_off + size);
|
|
#endif
|
|
}
|
|
|
|
#define bpf_ctx_wide_access_ok(off, size, type, field) \
|
|
(size == sizeof(__u64) && \
|
|
off >= offsetof(type, field) && \
|
|
off + sizeof(__u64) <= offsetofend(type, field) && \
|
|
off % sizeof(__u64) == 0)
|
|
|
|
#define bpf_classic_proglen(fprog) (fprog->len * sizeof(fprog->filter[0]))
|
|
|
|
static inline void bpf_prog_lock_ro(struct bpf_prog *fp)
|
|
{
|
|
#ifndef CONFIG_BPF_JIT_ALWAYS_ON
|
|
if (!fp->jited) {
|
|
set_vm_flush_reset_perms(fp);
|
|
set_memory_ro((unsigned long)fp, fp->pages);
|
|
}
|
|
#endif
|
|
}
|
|
|
|
static inline void bpf_jit_binary_lock_ro(struct bpf_binary_header *hdr)
|
|
{
|
|
set_vm_flush_reset_perms(hdr);
|
|
set_memory_ro((unsigned long)hdr, hdr->pages);
|
|
set_memory_x((unsigned long)hdr, hdr->pages);
|
|
}
|
|
|
|
static inline struct bpf_binary_header *
|
|
bpf_jit_binary_hdr(const struct bpf_prog *fp)
|
|
{
|
|
unsigned long real_start = (unsigned long)fp->bpf_func;
|
|
unsigned long addr = real_start & PAGE_MASK;
|
|
|
|
return (void *)addr;
|
|
}
|
|
|
|
int sk_filter_trim_cap(struct sock *sk, struct sk_buff *skb, unsigned int cap);
|
|
static inline int sk_filter(struct sock *sk, struct sk_buff *skb)
|
|
{
|
|
return sk_filter_trim_cap(sk, skb, 1);
|
|
}
|
|
|
|
struct bpf_prog *bpf_prog_select_runtime(struct bpf_prog *fp, int *err);
|
|
void bpf_prog_free(struct bpf_prog *fp);
|
|
|
|
bool bpf_opcode_in_insntable(u8 code);
|
|
|
|
void bpf_prog_free_linfo(struct bpf_prog *prog);
|
|
void bpf_prog_fill_jited_linfo(struct bpf_prog *prog,
|
|
const u32 *insn_to_jit_off);
|
|
int bpf_prog_alloc_jited_linfo(struct bpf_prog *prog);
|
|
void bpf_prog_free_jited_linfo(struct bpf_prog *prog);
|
|
void bpf_prog_free_unused_jited_linfo(struct bpf_prog *prog);
|
|
|
|
struct bpf_prog *bpf_prog_alloc(unsigned int size, gfp_t gfp_extra_flags);
|
|
struct bpf_prog *bpf_prog_alloc_no_stats(unsigned int size, gfp_t gfp_extra_flags);
|
|
struct bpf_prog *bpf_prog_realloc(struct bpf_prog *fp_old, unsigned int size,
|
|
gfp_t gfp_extra_flags);
|
|
void __bpf_prog_free(struct bpf_prog *fp);
|
|
|
|
static inline void bpf_prog_unlock_free(struct bpf_prog *fp)
|
|
{
|
|
__bpf_prog_free(fp);
|
|
}
|
|
|
|
typedef int (*bpf_aux_classic_check_t)(struct sock_filter *filter,
|
|
unsigned int flen);
|
|
|
|
int bpf_prog_create(struct bpf_prog **pfp, struct sock_fprog_kern *fprog);
|
|
int bpf_prog_create_from_user(struct bpf_prog **pfp, struct sock_fprog *fprog,
|
|
bpf_aux_classic_check_t trans, bool save_orig);
|
|
void bpf_prog_destroy(struct bpf_prog *fp);
|
|
|
|
int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk);
|
|
int sk_attach_bpf(u32 ufd, struct sock *sk);
|
|
int sk_reuseport_attach_filter(struct sock_fprog *fprog, struct sock *sk);
|
|
int sk_reuseport_attach_bpf(u32 ufd, struct sock *sk);
|
|
void sk_reuseport_prog_free(struct bpf_prog *prog);
|
|
int sk_detach_filter(struct sock *sk);
|
|
int sk_get_filter(struct sock *sk, struct sock_filter __user *filter,
|
|
unsigned int len);
|
|
|
|
bool sk_filter_charge(struct sock *sk, struct sk_filter *fp);
|
|
void sk_filter_uncharge(struct sock *sk, struct sk_filter *fp);
|
|
|
|
u64 __bpf_call_base(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5);
|
|
#define __bpf_call_base_args \
|
|
((u64 (*)(u64, u64, u64, u64, u64, const struct bpf_insn *)) \
|
|
(void *)__bpf_call_base)
|
|
|
|
struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog);
|
|
void bpf_jit_compile(struct bpf_prog *prog);
|
|
bool bpf_jit_needs_zext(void);
|
|
bool bpf_helper_changes_pkt_data(void *func);
|
|
|
|
static inline bool bpf_dump_raw_ok(const struct cred *cred)
|
|
{
|
|
/* Reconstruction of call-sites is dependent on kallsyms,
|
|
* thus make dump the same restriction.
|
|
*/
|
|
return kallsyms_show_value(cred);
|
|
}
|
|
|
|
struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off,
|
|
const struct bpf_insn *patch, u32 len);
|
|
int bpf_remove_insns(struct bpf_prog *prog, u32 off, u32 cnt);
|
|
|
|
void bpf_clear_redirect_map(struct bpf_map *map);
|
|
|
|
static inline bool xdp_return_frame_no_direct(void)
|
|
{
|
|
struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
|
|
|
|
return ri->kern_flags & BPF_RI_F_RF_NO_DIRECT;
|
|
}
|
|
|
|
static inline void xdp_set_return_frame_no_direct(void)
|
|
{
|
|
struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
|
|
|
|
ri->kern_flags |= BPF_RI_F_RF_NO_DIRECT;
|
|
}
|
|
|
|
static inline void xdp_clear_return_frame_no_direct(void)
|
|
{
|
|
struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
|
|
|
|
ri->kern_flags &= ~BPF_RI_F_RF_NO_DIRECT;
|
|
}
|
|
|
|
static inline int xdp_ok_fwd_dev(const struct net_device *fwd,
|
|
unsigned int pktlen)
|
|
{
|
|
unsigned int len;
|
|
|
|
if (unlikely(!(fwd->flags & IFF_UP)))
|
|
return -ENETDOWN;
|
|
|
|
len = fwd->mtu + fwd->hard_header_len + VLAN_HLEN;
|
|
if (pktlen > len)
|
|
return -EMSGSIZE;
|
|
|
|
return 0;
|
|
}
|
|
|
|
/* The pair of xdp_do_redirect and xdp_do_flush_map MUST be called in the
|
|
* same cpu context. Further for best results no more than a single map
|
|
* for the do_redirect/do_flush pair should be used. This limitation is
|
|
* because we only track one map and force a flush when the map changes.
|
|
* This does not appear to be a real limitation for existing software.
|
|
*/
|
|
int xdp_do_generic_redirect(struct net_device *dev, struct sk_buff *skb,
|
|
struct xdp_buff *xdp, struct bpf_prog *prog);
|
|
int xdp_do_redirect(struct net_device *dev,
|
|
struct xdp_buff *xdp,
|
|
struct bpf_prog *prog);
|
|
void xdp_do_flush_map(void);
|
|
|
|
void bpf_warn_invalid_xdp_action(u32 act);
|
|
|
|
#ifdef CONFIG_INET
|
|
struct sock *bpf_run_sk_reuseport(struct sock_reuseport *reuse, struct sock *sk,
|
|
struct bpf_prog *prog, struct sk_buff *skb,
|
|
u32 hash);
|
|
#else
|
|
static inline struct sock *
|
|
bpf_run_sk_reuseport(struct sock_reuseport *reuse, struct sock *sk,
|
|
struct bpf_prog *prog, struct sk_buff *skb,
|
|
u32 hash)
|
|
{
|
|
return NULL;
|
|
}
|
|
#endif
|
|
|
|
#ifdef CONFIG_BPF_JIT
|
|
extern int bpf_jit_enable;
|
|
extern int bpf_jit_harden;
|
|
extern int bpf_jit_kallsyms;
|
|
extern long bpf_jit_limit;
|
|
extern long bpf_jit_limit_max;
|
|
|
|
typedef void (*bpf_jit_fill_hole_t)(void *area, unsigned int size);
|
|
|
|
struct bpf_binary_header *
|
|
bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr,
|
|
unsigned int alignment,
|
|
bpf_jit_fill_hole_t bpf_fill_ill_insns);
|
|
void bpf_jit_binary_free(struct bpf_binary_header *hdr);
|
|
u64 bpf_jit_alloc_exec_limit(void);
|
|
void *bpf_jit_alloc_exec(unsigned long size);
|
|
void bpf_jit_free_exec(void *addr);
|
|
void bpf_jit_free(struct bpf_prog *fp);
|
|
|
|
int bpf_jit_get_func_addr(const struct bpf_prog *prog,
|
|
const struct bpf_insn *insn, bool extra_pass,
|
|
u64 *func_addr, bool *func_addr_fixed);
|
|
|
|
struct bpf_prog *bpf_jit_blind_constants(struct bpf_prog *fp);
|
|
void bpf_jit_prog_release_other(struct bpf_prog *fp, struct bpf_prog *fp_other);
|
|
|
|
static inline void bpf_jit_dump(unsigned int flen, unsigned int proglen,
|
|
u32 pass, void *image)
|
|
{
|
|
pr_err("flen=%u proglen=%u pass=%u image=%pK from=%s pid=%d\n", flen,
|
|
proglen, pass, image, current->comm, task_pid_nr(current));
|
|
|
|
if (image)
|
|
print_hex_dump(KERN_ERR, "JIT code: ", DUMP_PREFIX_OFFSET,
|
|
16, 1, image, proglen, false);
|
|
}
|
|
|
|
static inline bool bpf_jit_is_ebpf(void)
|
|
{
|
|
# ifdef CONFIG_HAVE_EBPF_JIT
|
|
return true;
|
|
# else
|
|
return false;
|
|
# endif
|
|
}
|
|
|
|
static inline bool ebpf_jit_enabled(void)
|
|
{
|
|
return bpf_jit_enable && bpf_jit_is_ebpf();
|
|
}
|
|
|
|
static inline bool bpf_prog_ebpf_jited(const struct bpf_prog *fp)
|
|
{
|
|
return fp->jited && bpf_jit_is_ebpf();
|
|
}
|
|
|
|
static inline bool bpf_jit_blinding_enabled(struct bpf_prog *prog)
|
|
{
|
|
/* These are the prerequisites, should someone ever have the
|
|
* idea to call blinding outside of them, we make sure to
|
|
* bail out.
|
|
*/
|
|
if (!bpf_jit_is_ebpf())
|
|
return false;
|
|
if (!prog->jit_requested)
|
|
return false;
|
|
if (!bpf_jit_harden)
|
|
return false;
|
|
if (bpf_jit_harden == 1 && capable(CAP_SYS_ADMIN))
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
static inline bool bpf_jit_kallsyms_enabled(void)
|
|
{
|
|
/* There are a couple of corner cases where kallsyms should
|
|
* not be enabled f.e. on hardening.
|
|
*/
|
|
if (bpf_jit_harden)
|
|
return false;
|
|
if (!bpf_jit_kallsyms)
|
|
return false;
|
|
if (bpf_jit_kallsyms == 1)
|
|
return true;
|
|
|
|
return false;
|
|
}
|
|
|
|
const char *__bpf_address_lookup(unsigned long addr, unsigned long *size,
|
|
unsigned long *off, char *sym);
|
|
bool is_bpf_text_address(unsigned long addr);
|
|
int bpf_get_kallsym(unsigned int symnum, unsigned long *value, char *type,
|
|
char *sym);
|
|
|
|
static inline const char *
|
|
bpf_address_lookup(unsigned long addr, unsigned long *size,
|
|
unsigned long *off, char **modname, char *sym)
|
|
{
|
|
const char *ret = __bpf_address_lookup(addr, size, off, sym);
|
|
|
|
if (ret && modname)
|
|
*modname = NULL;
|
|
return ret;
|
|
}
|
|
|
|
void bpf_prog_kallsyms_add(struct bpf_prog *fp);
|
|
void bpf_prog_kallsyms_del(struct bpf_prog *fp);
|
|
void bpf_get_prog_name(const struct bpf_prog *prog, char *sym);
|
|
|
|
#else /* CONFIG_BPF_JIT */
|
|
|
|
static inline bool ebpf_jit_enabled(void)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
static inline bool bpf_prog_ebpf_jited(const struct bpf_prog *fp)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
static inline void bpf_jit_free(struct bpf_prog *fp)
|
|
{
|
|
bpf_prog_unlock_free(fp);
|
|
}
|
|
|
|
static inline bool bpf_jit_kallsyms_enabled(void)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
static inline const char *
|
|
__bpf_address_lookup(unsigned long addr, unsigned long *size,
|
|
unsigned long *off, char *sym)
|
|
{
|
|
return NULL;
|
|
}
|
|
|
|
static inline bool is_bpf_text_address(unsigned long addr)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
static inline int bpf_get_kallsym(unsigned int symnum, unsigned long *value,
|
|
char *type, char *sym)
|
|
{
|
|
return -ERANGE;
|
|
}
|
|
|
|
static inline const char *
|
|
bpf_address_lookup(unsigned long addr, unsigned long *size,
|
|
unsigned long *off, char **modname, char *sym)
|
|
{
|
|
return NULL;
|
|
}
|
|
|
|
static inline void bpf_prog_kallsyms_add(struct bpf_prog *fp)
|
|
{
|
|
}
|
|
|
|
static inline void bpf_prog_kallsyms_del(struct bpf_prog *fp)
|
|
{
|
|
}
|
|
|
|
static inline void bpf_get_prog_name(const struct bpf_prog *prog, char *sym)
|
|
{
|
|
sym[0] = '\0';
|
|
}
|
|
|
|
#endif /* CONFIG_BPF_JIT */
|
|
|
|
void bpf_prog_kallsyms_del_all(struct bpf_prog *fp);
|
|
|
|
#define BPF_ANC BIT(15)
|
|
|
|
static inline bool bpf_needs_clear_a(const struct sock_filter *first)
|
|
{
|
|
switch (first->code) {
|
|
case BPF_RET | BPF_K:
|
|
case BPF_LD | BPF_W | BPF_LEN:
|
|
return false;
|
|
|
|
case BPF_LD | BPF_W | BPF_ABS:
|
|
case BPF_LD | BPF_H | BPF_ABS:
|
|
case BPF_LD | BPF_B | BPF_ABS:
|
|
if (first->k == SKF_AD_OFF + SKF_AD_ALU_XOR_X)
|
|
return true;
|
|
return false;
|
|
|
|
default:
|
|
return true;
|
|
}
|
|
}
|
|
|
|
static inline u16 bpf_anc_helper(const struct sock_filter *ftest)
|
|
{
|
|
BUG_ON(ftest->code & BPF_ANC);
|
|
|
|
switch (ftest->code) {
|
|
case BPF_LD | BPF_W | BPF_ABS:
|
|
case BPF_LD | BPF_H | BPF_ABS:
|
|
case BPF_LD | BPF_B | BPF_ABS:
|
|
#define BPF_ANCILLARY(CODE) case SKF_AD_OFF + SKF_AD_##CODE: \
|
|
return BPF_ANC | SKF_AD_##CODE
|
|
switch (ftest->k) {
|
|
BPF_ANCILLARY(PROTOCOL);
|
|
BPF_ANCILLARY(PKTTYPE);
|
|
BPF_ANCILLARY(IFINDEX);
|
|
BPF_ANCILLARY(NLATTR);
|
|
BPF_ANCILLARY(NLATTR_NEST);
|
|
BPF_ANCILLARY(MARK);
|
|
BPF_ANCILLARY(QUEUE);
|
|
BPF_ANCILLARY(HATYPE);
|
|
BPF_ANCILLARY(RXHASH);
|
|
BPF_ANCILLARY(CPU);
|
|
BPF_ANCILLARY(ALU_XOR_X);
|
|
BPF_ANCILLARY(VLAN_TAG);
|
|
BPF_ANCILLARY(VLAN_TAG_PRESENT);
|
|
BPF_ANCILLARY(PAY_OFFSET);
|
|
BPF_ANCILLARY(RANDOM);
|
|
BPF_ANCILLARY(VLAN_TPID);
|
|
}
|
|
/* Fallthrough. */
|
|
default:
|
|
return ftest->code;
|
|
}
|
|
}
|
|
|
|
void *bpf_internal_load_pointer_neg_helper(const struct sk_buff *skb,
|
|
int k, unsigned int size);
|
|
|
|
static inline void *bpf_load_pointer(const struct sk_buff *skb, int k,
|
|
unsigned int size, void *buffer)
|
|
{
|
|
if (k >= 0)
|
|
return skb_header_pointer(skb, k, size, buffer);
|
|
|
|
return bpf_internal_load_pointer_neg_helper(skb, k, size);
|
|
}
|
|
|
|
static inline int bpf_tell_extensions(void)
|
|
{
|
|
return SKF_AD_MAX;
|
|
}
|
|
|
|
struct bpf_sock_addr_kern {
|
|
struct sock *sk;
|
|
struct sockaddr *uaddr;
|
|
/* Temporary "register" to make indirect stores to nested structures
|
|
* defined above. We need three registers to make such a store, but
|
|
* only two (src and dst) are available at convert_ctx_access time
|
|
*/
|
|
u64 tmp_reg;
|
|
void *t_ctx; /* Attach type specific context. */
|
|
};
|
|
|
|
struct bpf_sock_ops_kern {
|
|
struct sock *sk;
|
|
u32 op;
|
|
union {
|
|
u32 args[4];
|
|
u32 reply;
|
|
u32 replylong[4];
|
|
};
|
|
u32 is_fullsock;
|
|
u64 temp; /* temp and everything after is not
|
|
* initialized to 0 before calling
|
|
* the BPF program. New fields that
|
|
* should be initialized to 0 should
|
|
* be inserted before temp.
|
|
* temp is scratch storage used by
|
|
* sock_ops_convert_ctx_access
|
|
* as temporary storage of a register.
|
|
*/
|
|
};
|
|
|
|
struct bpf_sysctl_kern {
|
|
struct ctl_table_header *head;
|
|
struct ctl_table *table;
|
|
void *cur_val;
|
|
size_t cur_len;
|
|
void *new_val;
|
|
size_t new_len;
|
|
int new_updated;
|
|
int write;
|
|
loff_t *ppos;
|
|
/* Temporary "register" for indirect stores to ppos. */
|
|
u64 tmp_reg;
|
|
};
|
|
|
|
struct bpf_sockopt_kern {
|
|
struct sock *sk;
|
|
u8 *optval;
|
|
u8 *optval_end;
|
|
s32 level;
|
|
s32 optname;
|
|
s32 optlen;
|
|
s32 retval;
|
|
};
|
|
|
|
#endif /* __LINUX_FILTER_H__ */
|